Friday, April 8, 2011

Dropbox authentication: insecure by design


Derek Newton, on his Information Security Insights blog, has observed that copying a single file (config.db) out of Dropbox's application data folder (%APPDATA%\Dropbox)* is enough to let anyone holding that file install the Dropbox client elsewhere and sync with the account linked to the original installation; the file is not tied to the particular computer it came from. What's the big deal? This means that all of the files stored in that Dropbox are accessible** to anyone who has a copy of that particular config.db, even after the password for the Dropbox account is changed. Please give the original post a read for his three recommendations for dealing with this vulnerability.


*His example is from a machine running Windows.
** For viewing, copying, changing or infecting with malware.
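Because the post treats config.db as the equivalent of a password, a reasonable first check on a Windows machine is to see which accounts besides your own can read it. The script below is an added example, not code from the original post or from Dropbox; it assumes the %APPDATA%\Dropbox\config.db location the post describes and uses only built-in PowerShell ACL cmdlets.

```powershell
# Added example (not from the original post): report every principal other than the
# current user and SYSTEM that is allowed to read the Dropbox config.db file,
# since a copy of that file is enough to sync the account from another machine.
# Assumption: the Windows path from the post, %APPDATA%\Dropbox\config.db.
$configDb = Join-Path $env:APPDATA 'Dropbox\config.db'

if (-not (Test-Path -Path $configDb)) {
    Write-Output "config.db not found at $configDb"
    return
}

$acl         = Get-Acl -Path $configDb
$currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$readData    = [System.Security.AccessControl.FileSystemRights]::ReadData
$findings    = @()

foreach ($ace in $acl.Access) {
    # Only Allow entries that include the ReadData bit matter for exfiltration risk.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (-not ($ace.FileSystemRights -band $readData)) { continue }

    $who = $ace.IdentityReference.Value
    if ($who -eq $currentUser)            { continue }
    if ($who -eq 'NT AUTHORITY\SYSTEM')   { continue }

    $findings += [pscustomobject]@{
        Principal = $who
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

if ($findings.Count -eq 0) {
    Write-Output "Only $currentUser and SYSTEM can read $configDb"
} else {
    Write-Warning "Additional principals can read $configDb (treat it like a password):"
    $findings | Format-Table -AutoSize
}
```

Entries marked Inherited usually come from the parent profile folder, so tightening the ACL on config.db alone will not survive a permissions reset from above; the durable fix is the one the original post argues for, which is not to rely on an untied file as the only proof of identity.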
